Hi I have a problem with monitoring Windows Services via WMI using a non-administrator domain user.
I am currently using an admin user and everything works fine. Both CPU, Memory, Disk and Services sensors. Due to PCI-DSS compliance, I need to change a user without administrative permissions.
I created a new user and on each remote computer I assigned it to the "Performance Monitor Users" and "Distributed COM Users" groups, additionally, I added the "Performance Monitor Users" group to wmimgmt.msc ->Root/CIMV2 and gave it the corresponding permissions. The CPU, Memory and Disk sensors are working with the new user, but the WMI Service sensor still doesn't work.
Are there any special permissions or special settings that I need to use for these sensors? I also tried using the setup from the link https://learn.microsoft.com/en-us/windows/win32/wmisdk/securing-a-remote-wmi-connection but it doesn't work, at least not for me.
I will appreciate any help you can offer me.
Article Comments
Hi Mitzi. If I understand correctly, the other Sensors Like CPU, Memory and Disk can works perfectly without Administration Rights (Domain or Local), but it is not the case WMI Sensor for Windows Services, am I Right?
Thank you.
Jun, 2023 - Permalink
Hi Israel,
No, it is a general WMI requirement for all sensors, I understand some of them are working, however the guide specifies admin is required.
Jun, 2023 - Permalink
Yes, they all work without administrator rights, except for the "WMI Services" sensor. I am looking for an alternative for this sensor because PCI-DSS will not accept a user with administrator privileges.
So I'm going to keep looking.
Thank you.
Jun, 2023 - Permalink
Hello Israel,
The user must be a member of the Domain Administrators group in the same Active Directory as the target system or the local Administrators group if not part of the domain.
Please refer to this article here
Thanks
Jun, 2023 - Permalink